CVE-2005-0397

Publication date 2 May 2005

Last updated 24 July 2024

Ubuntu priority

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
graphicsmagick	7.04 feisty	Fixed 1.1.7-8
	6.10 edgy	Fixed 1.1.7-8
	6.06 LTS dapper	Not in release
imagemagick	7.04 feisty	Fixed 6.2.4.5.dfsg1-0.14ubuntu0.1
	6.10 edgy	Fixed 6.2.4.5.dfsg1-0.10ubuntu0.3
	6.06 LTS dapper	Fixed 6.2.4.5-0.6ubuntu0.6

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-90-1
Imagemagick vulnerability
3 March 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-0397